Unable to Track

odhiambo 2 years ago

Hello all,

I am unsure what to search for in the forum, so I am forced to ask this question.
I have set up traccar now on FreeBSD (server with public IP) and I am using supervisor to start/stop/restart it. All that is fine.
I have a web UI behind Apache reverse proxy. That too is loading fine. I serve the web UI via SSL, with a valid letsencrypt certificate.

root@gw:/opt/traccar/logs # egrep -v '^$|^.*#' /usr/local/etc/apache24/Includes/traccar.cf
<VirtualHost *:80>
    ServerName tc.mydomain
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://tc.mydomain/$1 [L,R=301]
</VirtualHost>
<VirtualHost *:443>
    ServerName tc.mydomain
    DocumentRoot /opt/traccar
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyTimeout 120
    CustomLog /var/log/apache2/traccar-access.log combined
    ErrorLog  /var/log/apache2/traccar-error.log
    LogLevel warn
    LogFormat "%h %l %u %t %{Host}i \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %V %p" combined
    ProxyPass /api/socket ws://localhost:8082/api/socket
    ProxyPassReverse /api/socket ws://localhost:8082/api/socket
    ProxyPass "/"  "http://localhost:8082/"
    ProxyPassReverse "/"  "http://localhost:8082/"

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/tc.mydomain/fullchain.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/tc.mydomain/privkey.pem"
    SSLCACertificatePath  "/usr/local/etc/letsencrypt/live/tc.mydomain"
</VirtualHost>

I use PF firewall and opened it to allow a port range between 5000 and 5100 (5000><5100). This is where my confusion begins.

root@gw:/opt/traccar/logs # sockstat -l | grep :5055 | less
root     java       85260 849 tcp4  *:5055                *:*

Plus I have lots of port 5xxx open:

root@gw:/opt/traccar/logs # sockstat -l | grep :5
root     java       85260 652 tcp4  *:5211                *:*
root     java       85260 653 tcp4  *:5031                *:*
...
root     java       85260 929 tcp4  *:5102                *:*
root     java       85260 930 tcp4  *:5073                *:*

  1. Is just allowing the port range enough or do I need to forward the ports to the application somehow?

  2. I have installed the Android client app on my phone and configured the server URL as https://my-tc-domain:5055, but on the webUI, it shows that my device is Offline.
    If it matters, I have a snippet of the tracker-server.log file at: https://pastebin.ubuntu.com/p/kQJDy5J6hh/

Any help will be appreciated.

Anton Tananaev 2 years ago
  1. Should be enough.
  2. Port 5055 is HTTP, not HTTPS. But based on your log I don't see anything at all on port 5055, so something else is wrong.
odhiambo 2 years ago

When I do 'telnet IP-of-server 5055', I actually get connected. When I do a 'get /', then what I end up with is:

HTTP/1.1 400 Bad Request
content-length: 0

What test should I run to diagnose?

So, the port is accessible. If possible, I can provide you with access privately.

Anton Tananaev 2 years ago

We have several troubleshooting guides you can follow.

odhiambo 2 years ago

Responding to myself - when I configure the client with HTTP instead of HTTPS, then it is able to connect.
Is this expected? Does that mean that on the client side, no encryption takes place?

Anton Tananaev 2 years ago

Not sure I understand the question. If you configure HTTPS, there will be encryption. If not, there won't be.

odhiambo 2 years ago

My question is about the Android Traccar client. When I configure Server URL as HTTPS://FQDN:5055, it does not work - meaning the device doesn't register on the system.
When I change Server URL to HTTP://FQDN:5055, then I see the device registered on the system, hence my question: Does the client not support HTTPS?

Anton Tananaev 2 years ago

The client app supports both. Obviously for HTTPS to work you have to enable it on the server side.

odhiambo 2 years ago

Thanks for the very timely responses.
I am looking at https://www.traccar.org/configuration-file/ and TBH, I'd have been happy if examples or the options were given, and a little bit more detail added.
I am unable to figure out what I should add to traccar.xml to enable devices to use Server URL with HTTPS.

Anton Tananaev 2 years ago

It has nothing to do with Traccar configuration. You have to configure an external proxy.
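
The external proxy mentioned in the last reply can be a second Apache virtual host that terminates TLS and forwards to Traccar's plain-HTTP listener on port 5055. The following is an added example, not configuration from this thread or from the Traccar project: the listen port 5443 is an assumption, while the host name and certificate paths are reused from the vhost posted at the top of the thread. It also replaces the posted SSLCipherSuite string, which starts from ALL and keeps the RC4, LOW and EXP classes, with one restricted to strong ciphers.

```apache
# Added example: TLS front end for the Traccar client port.
# Assumption: 5443 is free on this host and allowed inbound in PF.
Listen 5443

<VirtualHost *:5443>
    ServerName tc.mydomain

    # Terminate TLS here with the same Let's Encrypt certificate as the web UI.
    SSLEngine on
    SSLCertificateFile    "/usr/local/etc/letsencrypt/live/tc.mydomain/fullchain.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/tc.mydomain/privkey.pem"

    # Posted setting, kept only for comparison (permits weak cipher classes):
    #   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    # Corrected: drop legacy protocol versions and allow strong ciphers only.
    SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite      HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
    SSLHonorCipherOrder on

    # Forward decrypted requests to Traccar's plain-HTTP listener on 5055.
    ProxyRequests     Off
    ProxyPreserveHost On
    ProxyPass        "/" "http://localhost:5055/"
    ProxyPassReverse "/" "http://localhost:5055/"

    ErrorLog  /var/log/apache2/traccar-client-error.log
    CustomLog /var/log/apache2/traccar-client-access.log combined
</VirtualHost>
```

With this in place the client's Server URL becomes https://tc.mydomain:5443, and port 5055 no longer needs to be reachable from outside, so the PF rule can stop exposing it and position reports stop crossing the network unencrypted.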